Date: Wed, 23 Jan 2019 14:40:54 +0000 (UTC) From: Jochen Neumeister <joneum@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r491041 - head/www/apache24 Message-ID: <201901231440.x0NEesSe012858@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: joneum Date: Wed Jan 23 14:40:53 2019 New Revision: 491041 URL: https://svnweb.freebsd.org/changeset/ports/491041 Log: Update to 2.4.38 Changelog: *) SECURITY: CVE-2018-17199 (cve.mitre.org) mod_session: mod_session_cookie does not respect expiry time allowing sessions to be reused. [Hank Ibell] *) SECURITY: CVE-2018-17189 (cve.mitre.org) mod_http2: fixes a DoS attack vector. By sending slow request bodies to resources not consuming them, httpd cleanup code occupies a server thread unnecessarily. This was changed to an immediate stream reset which discards all stream state and incoming data. [Stefan Eissing] *) SECURITY: CVE-2019-0190 (cve.mitre.org) mod_ssl: Fix infinite loop triggered by a client-initiated renegotiation in TLSv1.2 (or earlier) with OpenSSL 1.1.1 and later. PR 63052. [Joe Orton] *) mod_ssl: Clear retry flag before aborting client-initiated renegotiation. PR 63052 [Joe Orton] *) mod_negotiation: Treat LanguagePriority as case-insensitive to match AddLanguage behavior and HTTP specification. PR 39730 [Christophe Jaillet] *) mod_md: incorrect behaviour when synchronizing ongoing ACME challenges have been fixed. [Michael Kaufmann, Stefan Eissing] *) mod_setenvif: We can have expressions that become true if a regex pattern in the expression does NOT match. In this case val is NULL and we should just set the value for the environment variable like in the pattern case. [Ruediger Pluem] *) mod_session: Always decode session attributes early. [Hank Ibell] *) core: Incorrect values for environment variables are substituted when multiple environment variables are specified in a directive. [Hank Ibell] *) mod_rewrite: Only create the global mutex used by "RewriteMap prg:" when this type of map is present in the configuration. PR62311. [Hank Ibell <hwibell gmail.com>] *) mod_dav: Fix invalid Location header when a resource is created by passing an absolute URI on the request line [Jim Jagielski] *) mod_session_cookie: avoid duplicate Set-Cookie header in the response. [Emmanuel Dreyfus <manu@netbsd.org>, Luca Toscano] *) mod_ssl: clear *SSL errors before loading certificates and checking afterwards. Otherwise errors are reported when other SSL using modules are in play. Fixes PR 62880. [Michael Kaufmann] *) mod_ssl: Fix the error code returned in an error path of 'ssl_io_filter_handshake()'. This messes-up error handling performed in 'ssl_io_filter_error()' [Yann Ylavic] *) mod_ssl: Fix $HTTPS definition for "SSLEngine optional" case, and fix authz provider so "Require ssl" works correctly in HTTP/2. PR 61519, 62654. [Joe Orton, Stefan Eissing] *) mod_proxy: If ProxyPassReverse is used for reverse mapping of relative redirects, subsequent ProxyPassReverse statements, whether they are relative or absolute, may fail. PR 60408. [Peter Haworth <pmh1wheel gmail.com>] *) mod_lua: Now marked as a stable module [https://s.apache.org/Xnh1] MFH: 2019Q1 Security: eb888ce5-1f19-11e9-be05-4c72b94353b5 Sponsored by: Netzkommune GmbH Modified: head/www/apache24/Makefile head/www/apache24/distinfo Modified: head/www/apache24/Makefile ============================================================================== --- head/www/apache24/Makefile Wed Jan 23 14:37:44 2019 (r491040) +++ head/www/apache24/Makefile Wed Jan 23 14:40:53 2019 (r491041) @@ -1,7 +1,7 @@ # $FreeBSD$ PORTNAME= apache24 -PORTVERSION= 2.4.37 +PORTVERSION= 2.4.38 CATEGORIES= www ipv6 MASTER_SITES= APACHE_HTTPD DISTNAME= httpd-${PORTVERSION} Modified: head/www/apache24/distinfo ============================================================================== --- head/www/apache24/distinfo Wed Jan 23 14:37:44 2019 (r491040) +++ head/www/apache24/distinfo Wed Jan 23 14:40:53 2019 (r491041) @@ -1,3 +1,3 @@ -TIMESTAMP = 1540301506 -SHA256 (apache24/httpd-2.4.37.tar.bz2) = 3498dc5c6772fac2eb7307dc7963122ffe243b5e806e0be4fb51974ff759d726 -SIZE (apache24/httpd-2.4.37.tar.bz2) = 7031632 +TIMESTAMP = 1548149918 +SHA256 (apache24/httpd-2.4.38.tar.bz2) = 7dc65857a994c98370dc4334b260101a7a04be60e6e74a5c57a6dee1bc8f394a +SIZE (apache24/httpd-2.4.38.tar.bz2) = 7035030
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201901231440.x0NEesSe012858>